GrandStream GXP-2000 VoIP Phone拒绝服务漏洞

https://cxsecurity.com/issue/WLB-2006100082
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-086

GrandstreamGXP-2000VoIPDesktopPhone(固件版本1.1.0.5)。远程攻击者通过发送到(1)5060/UDP、(2)5062/UDP、(3)5064/UDP、(4)5066/UDP、(5)9876/UDP或(6)26789/UDP端口的大量ASCII数据使系统拒绝服务(挂起或重新引导)。

Title:  GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP
ports and DoS

Version: 1.1.0.5

Issues:

1.The phone has multiple undocumented open UDP ports, including 5062,
5064, 5066, 9876, 26789
2.Sending large amount of ascii data via NetCat to any open UDP port,
including UDP/5060, results in the phone either rebooting or placed in a
frozen state, possibly appearing normal (display maintains text, etc.),
except the phone will not be functional.

Credit:

Shawn Merdinger, Independent Security Researcher

来源:VUPEN
名称:ADV-2006-3941
链接:http://www.frsirt.com/english/advisories/2006/3941
来源:SECUNIA
名称:22265
链接:http://secunia.com/advisories/22265
来源:XF
名称:grandstream-udp-dos(29356)
链接:http://xforce.iss.net/xforce/xfdb/29356
来源:BID
名称:20356
链接:http://www.securityfocus.com/bid/20356
来源:www.grandstream.com
链接:http://www.grandstream.com/BETATEST/GXP2000_BT200/Release_Note_GXP2000-BT200_1.1.1.14.pdf
来源:FULLDISC
名称:20061005(0-Day)GrandStreamGXP-2000VoIPDesktopPhonemultipleundocumentedUDPportsandDoS
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049876.html
来源:SREASON
名称:1718
链接:http://securityreason.com/securityalert/1718